Tenda AX3
cpe:2.3:h:tenda:ax3:*:*:*:*:*:*:*
- V16.03.12.10_CN
A buffer overflow vulnerability has been identified in the Tenda AX3 router running firmware version V16.03.12.10_CN. This vulnerability arises in the 'AdvSetMacMtuWan' function, where the 'serverName' parameter is not properly validated. Attackers can exploit this oversight by sending excessively long data, leading to a stack overflow that overwrites the function's return address. Such exploitation can cause the router to crash, disrupting its normal service operations.
Exploitation of this vulnerability crashes the router, causing a denial of service: the device persistently fails to provide its services correctly.
To reproduce this vulnerability, send a POST request to the '/goform/AdvSetMacMtuWan' endpoint. Include a 'serverName' parameter with a payload of repeated characters to exceed the buffer limit. The router will crash, demonstrating the successful exploitation of the buffer overflow.
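The missing validation described above, shown as a bounded copy of the 'serverName' form value. This is an added example, not Tenda's firmware code or code from this advisory; the 64-byte limit, the function names and the form-body layout are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for this sketch; the page does not state the size of the
 * stack buffer that 'AdvSetMacMtuWan' uses for serverName. */
#define SERVER_NAME_MAX 64

/* Find `key=` in an application/x-www-form-urlencoded body. Returns a pointer
 * to the raw (still encoded) value and stores its length, which ends at the
 * next '&' or at the end of the body. Returns NULL if the key is absent. */
static const char *form_value(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;

    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');
        size_t flen = end ? (size_t)(end - p) : strlen(p);

        /* Match the whole field name, not just a prefix of another name. */
        if (flen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = flen - klen - 1;
            return p + klen + 1;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Copy serverName into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if the parameter is missing, -2 if it is too long.
 * Oversized input is rejected, not truncated, so the handler can answer with
 * an error instead of storing a mangled value. */
int get_server_name(const char *body, char *dst, size_t dst_size)
{
    size_t len = 0;
    const char *value = form_value(body, "serverName", &len);

    if (value == NULL)
        return -1;
    if (len >= dst_size)          /* the check the advisory reports as absent */
        return -2;

    memcpy(dst, value, len);      /* length already proven to fit */
    dst[len] = '\0';
    return 0;
}
```

The length is checked on the encoded value, which is never shorter than its decoded form, so the bound stays conservative if the caller URL-decodes afterwards.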